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(54) METHOD FOR CONTROLLING IMAGE OUTPUT AND DEVICE FOR OUTPUTTING 
PICTURE 

(57)Abstract: ^§ ? ■? 

PROBLEM TO BE SOLVED: To protect the secret of 
data preserved in an image outputting device. 
SOLUTION: A client device 20 transmits print data 100 
and an authentication code 120 to a printer system 10. 
A print server 12 of the printer system 10 generates 
data 160 for collation from the print data 100, and 
enciphers the print data 100 by the authentication code 
120 for generating preservation data 150, and preserves 
the preservation data 150 and the data 160 for collation 
in a storage device 14 by making those data correspond 
to each other. When a user selects the preservation 
data 150 by a UI part 18, and inputs the authentication 
code, a printer server 12 decodes the preservation data 
150 by using the authentication code as a key, and 
judges whether or not the preservation data 150 are 
correctly decoded by referring to the data 1 60 for 
collation. Then, when the preservation data 150 are 
correctly decoded, the decoded result is printed by a 
print engine 16. 
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* NOTICES * 

JPO and INPiT are not responsible for any 
damages caused by the use of this translation. 

l.This document has been translated by computer. So the translation may not reflect the original 
precisely. 

2 **** shows the word which can not be translated. 
3. In the drawings, any words are not translated. 



CLAIMS 



[Claim(s)] 

[Claim 1]A generating picture job which a client published is once kept to an image output 
device, It is a picture output control method which waits for and carries out the generating 
picture of said kept job for output instruction from a user, A picture output control method 
which should encipher said generating picture job kept to said image output device, and said 
image output device decrypts data of the enciphered generating picture job by a decryption key 
inputted from a user on the occasion of output instruction of a generating picture job, and 
performs image output processing. 

[Claim 2]The picture output control method according to claim 1 transmitting a cryptographic 
key to said image output device with said generating picture job from said client, and said image 
output device's enciphering the generating picture job by the cryptographic key, and keeping it. 
[Claim 3]The picture output control method according to claim 1 only when it judges whether a 
decryption result of said generating picture job is the right and said image output device is 
judged [ a decryption result ] to be the right, wherein it performs an output process. 
[Claim 4]The picture output control method according to claim 3, wherein said image output 
device creates data for collation for a judgment of a decryption result of being the right and 
keeps this data with an encryption result of said generating picture job from data of that job in 
the case of encryption of said generating picture job. 

[Claim 5]The picture output control method according to claim 3 carrying out possible [ of the 
deletion of a generating picture job which was being kept ] only when said decryption result is 
judged to be the right. 

[Claim 6]The picture output control method according to claim 1, wherein said image output 
device enciphers and keeps a generating picture job received from said client and it notifies a 
decryption key of the encryption result to said client. 
[Claim 7]An image output device comprising: 

A means to receive a generating picture job and an authorization code from a client. 
A means to encipher by the authorization code and to keep the generating picture job. 
A means to receive an input of an authorization code from a user in connection with output 
instruction to said kept job. 

An output control means which decrypts said job for output instruction and performs a 
generating picture by an inputted authorization code based on the decryption result. 

[Claim 8]An image output device comprising: 

A means to receive a generating picture job from a client. 

A means to notify a decryption key of the encryption result to said client while enciphering and 
keeping the generating picture job. 

A means to receive an input of a decryption key from a user in connection with output 
instruction to said kept job. 

An output control means which decrypts said job for output instruction and performs a 
generating picture by an inputted decryption key based on the decryption result. 
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[Claim 9]An image output device which will process the job and will perform a generating picture 
if a generating picture job is received and kept from a client via a network characterized by 
comprising the following and output instruction occurs from a user. 
A means to keep a generating picture job. 

A means to receive selection of an output object out of a kept generating picture job. 

A means to judge whether a selected generating picture job is enciphered. 

An output control means which requires an input of a decryption key, decodes the job by a 

decryption key inputted according to this, and performs a generating picture using the decryption 

result when a selected generating picture job is enciphered. 

[Claim 10]An image output device given in either from claim 7 only when it judges whether said 
decryption result is the right and said output control means is judged [ a decryption result ] to 
be the right, wherein it performs an output process to claim 9. 



[Translation done.] 
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* NOTICES * 

JPO and INPIT are not responsible for any 
damages caused by the use of this translation. 

1. This document has been translated by computer. So the translation may not reflect the original 
precisely. 

2. **** shows the word which can not be translated. 
3.1n the drawings, any words are not translated. 



DETAILED DESCRIPTION 



[Detailed Description of the Invention] 
[0001] 

[Field of the Invention]This invention relates to the method of the output control of the job when 
a generating picture job is transmitted from a client via a network to a remote image output 
device. 
[0002] 

[Description of the Prior Art]an output becoming that it is indistinguishable from others' printout 
and hard to find it, when performing a printout to a remote printer via a network, or an output 
being seen by others by the time a user goes to take even a printer, or losing **** — etc. — 
the problem is pointed out from the former. 

[0003]As conventional technology for solving such a problem, it registers for the print server as 
a user beforehand, and the method which performs user authentication in a print server and 
performs a printout is known well. For example, in the method indicated by JP,8-256239,A, if a 
user name and a password are entered with a digital composite machine, the composite machine 
will log in to a user's PC (personal computer), print data will be acquired, and a printout will be 
performed. In art given in JP,1 1-305968.A, the print server accumulates the print data received 
from the client, and if the input of just certification information is received from a user about the 
data, it will carry out the printout of the data. 

[0004] Attestation ID is added to the print job sent to a print server as conventional technology 
of another method, and the method which makes a printout possible in inputting the attestation 
ID into a print server is known. There is art shown, for example in each gazette of JP 9- 
212317.A, JP.10-16355.A, JP.1 1-305968.A, and JP,1 1-15609.A in such a method 
[0005] 

[Problem(s) to be Solved by the Invention] Since a printout was not performed from a print 
server unless it passes through attestation, each above-mentioned conventional technology was 
effective in respect of calling it the security of a printed result. However, in order that each of 
each above-mentioned conventional technologies may keep the print data sent from the client 
as it is in a print server, it may have been tried to look into the kept print data. 
[0006]This invention is made in order to solve such a problem, and it is a thing. 
The purpose is to provide the picture output control method and device which realize security of 
the data kept to the image output device of **. 

[0007] 

[Means for Solving the Problemjln order to solve such a problem, it is made to keep a generating 
picture job which performed encryption processing to image output devices, such as a printer in 
this invention. And in the case of generating pictures, such as printing, kept job data are 
decrypted by a decryption key which a user inputted, and an output process is performed 
[0008]Here, it judges whether a decryption result is the right and a useless output can be 
prevented because it is made not to perform an output process in not being right. A judgment of 
propriety of a decryption result creates and keeps data for collation from data of the original job 
in the case of encryption, for example, It can carry out by comparing a decryption result with the 
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data for collation, or adding data for collation to data of a job, enciphering, and investigating 

whether it is a decryption result and the data for collation is decoded correctly. 

[0009] 

[Embodiment of the Invention] Hereafter, an embodiment of the invention (henceforth an 
embodiment) is described based on a drawing. 

[001 0][Embodiment 1] Drawing 1 is a figure for describing a 1st embodiment of this invention. 
[0011]In this system, the printer system 10 as an image output device is a common printer 
system put, for example on a print shop, an office, etc., and contains the print server 12, the 
memory storage 14, the print engine 16, and the UI (user interface) section 18. 
[0012]The print server 12 is a device which controls overall processing of the printer system 10. 
In addition to general processing capabilities, such as registration of the printing directions from 
the client apparatus 20, scheduling of a print job, conversion in the form of print data which can 
be printed, the print server 12 is provided with the function to encipher and keep print data to 
the memory storage 14. The memory storage 14 is a device which accumulates the print data 
etc. which were received from the client apparatus 20. The print engine 16 is a device which 
prints print data on paper etc. The UI section 18 is a device which provides an operation menu, a 
status display, etc. of the printer system 10, and receives an indicating input etc. to a user. 
[0013]The printer system 10 has the function to keep the print data 100 received from the client 
apparatus 20 until the output instruction from a user occurs. Here, in this embodiment, security 
of the print data under storage is planned by enciphering and keeping them rather than keeping 
print data as it is. The print server 12 performs encryption processing and the authorization code 
120 supplied from the client apparatus 20 is used for the encryption key for encryption. 
[0014]When the user A is going to do the printout of the print data 100 from the printer system 
10 and it desires security of print data, he sets up the authorization code 120. Any of the 
method which the user A itself inputs, and the method which the client apparatus 20 generates 
automatically according to a user's directions may be sufficient as setting out of the 
authorization code 120. The set-up authorization code 120 matches with the print data 100, and 
is transmitted to the printer system 10. The identification information 1 10 is added to the print 
data 100 transmitted. The title of the print data 100, etc. are information for the user A to 
identify the print data 100, and this identification information 110 is set up irrespective of the 
existence of setting out of the authorization code 120, for example. 

[0015]In the printer system 10 which received the print data 100 from the client apparatus 20, 
the print server 12 memorizes these print data 100 to the memory storage 14 with the 
corresponding identification information 110. This procedure is shown in drawing 2 . 
[0016]The print server 12 is usually a reception waiting state of the data of the print data 100, 
the identification information 110, and authorization code 120 grade (S10, S12). Reception of the 
print data 100 will investigate whether the authorization code 120 accompanies (S14). If there is 
no authorization code 120, the print server 12 is matched with the identification information 110, 
will use the print data 100 as the stored data 150 as it is, and will keep them to the memory 
storage 14 (S24). (since I hear that the user is not demanding security) 

[001 7]If there is the authorization code 120, the print server 12 will judge next whether it is data 
of PDL (Page Description Language) which the print data 100 can process with the print engine 
16 (S16). If this decision result is No, the print server 12 will change those print data 100 into 
PDL (S18). This conversion is unnecessary if the print data 100 are PDL. 

[0018]Next, the print server 12 creates the data 160 for collation from the print data of PDL, 
matches with the identification information 110 and saves (S20). The data 160 for collation 
creates what extracted predetermined parts (the portion which is not related to a printing 
content is desirable), such as a header of the PDL data, the check sum value of the PDL data, 
etc. based on a predetermined rule from the PDL data. And using the authorization code 120 as 
a key, the print data of PDL are enciphered (S22), and the enciphered data is used as the stored 
data 150, is matched with the identification information 110, and is kept to the memory storage 
14 (S24). Completion of storage will cancel the original print data 100 and the authorization code 
120. 

[0019]Next, processing when doing in this way and carrying out the printout of the kept data 150 
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is explained with reference to drawing 3. 

[0020]First, the print server 12 displays the list of the identification information 110 of the 
stored data 150 currently kept in the memory storage 14 on the UI section 18 (S30). The user A 
who came chooses and directs data to carry out a printout out of the list display in the UI 
section 18 till the place of the printer system 10 (S32). According to this, the print server 12 
performs the acknowledgment indicator of a start of printing in the UI section 18, and if the data 
may be satisfactory for a user, he will input that into the UI section 18 (S34). 
[0021 ]If a user checks, the print server 12 will confirm whether to be data in which the selected 
stored data 150 is enciphered (S36). If not enciphered, the print server 12 passes the stored 
data to the print engine 1 6 as it is, and carries out a printout (S44), If enciphered, the print 
server 12 will perform the display to which the input of an authorization code is urged in the UI 
section 18, and will receive the input of the authorization code from a user to it (S38). 
[0022]The method which forms the reader which a user makes the authorization code portable 
storage media, such as an IC card and a memory card, or other than a method performed by a 
manual entry memorize by keypad, a touch panel, etc., and reads the storage to the printer 
system 10 is also preferred for the input method of an authorization code. 

[0023]If an authorization code is inputted, the print server 12 will decrypt the stored data 150 
using the code (S40). And the data 1 60 for collation which was being kept corresponding to the 
stored data 150 and its decoding result are compared, and it confirms whether decoded correctly 
or not (S42). If not decoded correctly, it returns to S38 and an authorization code is reinputted. 
If decoded correctly, the data (data of PDL) of the decoding result will be passed to the print 
engine 16, and a printout will be made to perform as a result of collation (S44). Thereby, the 
printed result 200 is obtained. 

[0024]It is asked after the printout of S44 whether the print server 12 cancels the stored data 
150 which carried out the printout to a user via the UI section 18 (S46). In that there is a 
schedule of reuse of the stored data 150 etc., the user should just input directions of the 
purport that it does not cancel. When there are directions of cancellation, the print server 12 
deletes the stored data 150 (and the corresponding identification information 110 and matching 
data 160 (supposing it is)) from the memory storage 14 (S48). Deletion will not be performed if 
there are directions of the purport that it does not cancel. In the case of the system installed in 
a print shop etc. for the use in an office building etc. although it is useful, it is unnecessary to 
enable it to leave the stored data 150. 

[0025]lt may set up with the client apparatus 20, may add and transmit to the print data 100, and 
may enable it to input the printing attributes at the time of a printout (number of copies, one 
side/both sides, etc.), for example after an attestation (decoding) success etc. by the printer 
system 10 side. 

[0026]As explained above, since the print data 100 can be enciphered and kept to the printer 
system 10 according to the system of this embodiment, even if it should try to look into the data 
under storage, there is no possibility that the contents may be known. Since a printout is not 
performed unless stored data is correctly decoded by the right authorization code, the structure 
of this embodiment has also achieved the function of the user authentication at the time of 
output instruction. As [ delete / a printout is carried out with the decoding result which is not 
right, and / since a printout is not performed and cancellation of stored data is not performed, 
either, unless it is decoded correctly / stored data ] 

[0027]In the above example, although the data 160 for collation was created from the print data 
(PDL) before encryption, the data 160 for collation is completely generated automatically 
independently, and it may be enciphered as print data by adding this to print data. The data for 
collation is made into a fixed value, and this may be added to print data and it may encipher. In 
this case, it is not necessary to match the data for collation with the stored data 150, and to 
save it. 

[0028]In the above example, although encryption and decryption were performed by the same 
authorization code, if a public-key crypto system etc. are used, the key of encryption and the 
key of decryption can also be made separate. 

[0029]In the above example, after the print server 12 changed the received print data 100 into 
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PDL which can process the print engine 16, encryption for storage was performed, but it is also 
preferred to encipher and keep the received print data 100 by the authorization code 120. In this 
case, after a user s authorization code input performs decoding processing, conversion to PDL is 
performed. 

[0030] [Embodiment 2] The above-mentioned Embodiment 1 enciphered print data by the printer 
system 10 side. On the other hand, in this embodiment, the method which keeps the data 
enciphered by the client apparatus 20 side to the printer system 10 was adopted. 
[0031]The key map of the system of this embodiment is shown in drawi ng 4. According to this 
embodiment, the same cipher system (algorithm) as the client apparatus 20 and the printer 
system 10 is carried. And the user A sends the encryption data 180 obtained by enciphering the 
print data using a desired authorization code on the client apparatus 20 to the printer system 10, 
when it desires security of print data. 

[0032]For the check of the decoding result by the side of the printer system 10, the data 160 for 
collation of a checksum etc. is added to the encryption data 180 to transmit, and also the 
identification information 1 10 and the authentication flag 170 are added to it. The authentication 
flag 170 is a flag which shows whether the print data to transmit are the encryption data 180 of 
what requires attestation, or it is data of PDL or application which is not enciphered. This is 
used in order to distinguish whether decoding processing is required for the data which the 
printer system 10 received. If the printer system 10 can distinguish the necessity of decoding 
processing by a file name and other attribution information, the authentication flag 170 has it. 
[ unnecessary ] 

[0033]Although the graphic display was omitted in drawing 4, when the print data transmitted 
from the client apparatus 20 are things without the necessity for security, the data 160 for 
collation is not added but the authentication flag 170 is set as the value which shows attestation 
(decoding and collation) needlessness. 

[0034]From the client apparatus 20, the print server 12 which received the data of the printing 
request keeps those information to the memory storage 14. And the list of the identification 
information 1 10 of these stored data is displayed on the UI section 18, and it waits for selection 
from a user. 

[0035]When a user chooses data, the print server 12 investigates the authentication flag 170 of 
the data. As a result, if attestation is unnecessary, the data will be changed into the form of PDL 
which can process the print engine 16, and a printout will be carried out from the print engine 16. 
On the other hand, if attestation is required, the input of an authorization code will be demanded 
fro m a user and the encryption data 180 will be decrypted by using as a key the authorization 
code inputted according to this. And it is inspected using the data 160 for collation whether the 
decoding result is a right thing. Henceforth, the same processing as Embodiment 1 is performed, 
and, as for a right case, a printout is performed for a decoding result. 
[0036]Thus, in this embodiment, since it is not necessary to pass an authorization code 
(encryption key) directly to the printer system 10, security improves more. 
[0037][Embodiment 3] Each above embodiment had set up the authorization code (encryption 
key) by the user side. On the other hand, according to this embodiment, an authorization code is 
set up by the printer system 10 side, and the method which notifies this to the user side is 
taken. Hereafter, a user has the personal digital assistant 20a as a client apparatus, and the 
example in the case of directing printing etc. using an E-mail is described. 

[0038]A user sends E-mail 300 having contained the (1) print data 302 to the printer system 10 
from the personal digital assistant 20a to print. The print data 302 are built into E-mail 300, for 
example in forms, such as the text of an E-mail, and an attached file. 

[0039]The print server 12 of the printer system 10 which received this gives the authorization 
code 312 and the identification information 314 to a printing request with the E-mail 300. And 
like Embodiment 1, the print server 12 generates the data 360 for collation from the print data 
302 in E-mail 300, matches this with the identification information 314, and memorizes it to the 
memory storage 14. By the given authorization code 312, the print server 12 enciphers the print 
data 302, matches them with the identification information 314 by using the encryption result as 
the stored data 350, and is kept to the memory storage 14. And the (2) print server 12 replies E- 
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mail 310 having contained the identification information 314 and the authorization code 312 to 
the personal digital assistant 20a of transmitting [ printing request mail ] origin. This mail 310 
may contain the message of the purport that the printer system 10 received the printing request. 

[0040]And if a user moves till the place of the printer system 10, he will send a reply from the 
personal digital assistant 20a to E-mail 310 from the printer system 10 like (3) points. If it is set 
as the e-mail system which the personal digital assistant 20a carries leave the original message 
to mail of a reply, the authorization code 312 and the identification information 314 will be 
automatically included in E-mail 320 replied. The user does not have to do the manual entry of 
these authorization codes 312 anew. 

[0041 ]The print server 12 which received this mail 320 extracts the identification information 
314 and the authorization code 312 from that mail 320, and picks out the stored data 350 and 
the data 360 for collation corresponding to that identification information 314 from the memory 
storage 14. And the print server 12 decodes the authorization code 312 for the stored data 350 
as a key, and judges the propriety of the decoding result with the data 360 for collation. And a 
decoding result makes the print engine 16 print to a right case, and when a decoding result is not 
right, the mail which notifies the purport of an error to a user is transmitted. 
[0042]Thus, in this embodiment, while the same effect as embodiment 1 grade is acquired, the 
time and effort of an input of the user in the case of output instruction can be saved by using 
the structure of an E-mail. Even standard mailer software should just be carried in users' device, 
and it is not necessary to provide the special hardware and software for this structure in it. 



[Translation done.] 
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* NOTICES * 

JPO and INPIT are not responsible for any 
damages caused by the use of this translation. 

LThis document has been translated by computer. So the translation may not reflect the original 
precisely. 

2.**** shows the word which can not be translated. 
3. In the drawings, any words are not translated. 



DESCRIPTION OF DRAWINGS 

[Brief Description of the Drawings] 

[Drawng 1]It is a figure for explaining the system of Embodiment 1. 

[Drawing 2]It is a flow chart which shows the operation at the time of the data receiving of a 
print server. 

[Drawing 3] I t is a flow chart which shows the operation at the time of output instruction 
reception of a print server. 

[Dra\A/ing 4]It is a figure for explaining the system of Embodiment 2. 
EQrawing 5]It is a figure for explaining the system of Embodiment 3. 
[Description of Notations] 

10 A printer system and 12 [ A network, 100 print data, and 1 10 / Identification information, 120 
authorization codes, 150 stored data, and 160 / Data for collation. ] A print server and 14 
Memory storage and 16 Print engine, the 18 UI section, 20 client apparatus, and 30 



[Translation done.] 
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